field public static final java.lang.String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources";
field public static final java.lang.String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts";
field public static final java.lang.String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media";
+ field public static final java.lang.String DISALLOW_NETWORK_RESET = "no_network_reset";
field public static final java.lang.String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam";
field public static final java.lang.String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls";
field public static final java.lang.String DISALLOW_REMOVE_USER = "no_remove_user";
field public static final java.lang.String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources";
field public static final java.lang.String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts";
field public static final java.lang.String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media";
+ field public static final java.lang.String DISALLOW_NETWORK_RESET = "no_network_reset";
field public static final java.lang.String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam";
field public static final java.lang.String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls";
field public static final java.lang.String DISALLOW_REMOVE_USER = "no_remove_user";
public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering";
/**
+ * Specifies if a user is disallowed from resetting network settings
+ * from Settings. This can only be set by device owners and profile owners on the primary user.
+ * The default value is <code>false</code>.
+ * <p/>This restriction has no effect on secondary users and managed profiles since only the
+ * primary user can reset the network settings of the device.
+ *
+ * <p/>Key for user restrictions.
+ * <p/>Type: Boolean
+ * @see #setUserRestrictions(Bundle)
+ * @see #getUserRestrictions()
+ */
+ public static final String DISALLOW_NETWORK_RESET = "no_network_reset";
+
+ /**
* Specifies if a user is disallowed from factory resetting
* from Settings. This can only be set by device owners and profile owners on the primary user.
* The default value is <code>false</code>.
@Override
public void factoryReset() {
enforceConnectivityInternalPermission();
+
+ if (mUserManager.hasUserRestriction(UserManager.DISALLOW_NETWORK_RESET)) {
+ return;
+ }
+
final int userId = UserHandle.getCallingUserId();
// Turn airplane mode off
setAirplaneMode(false);
- // Untether
- for (String tether : getTetheredIfaces()) {
- untether(tether);
+ if (!mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_TETHERING)) {
+ // Untether
+ for (String tether : getTetheredIfaces()) {
+ untether(tether);
+ }
}
- // Turn VPN off
- VpnConfig vpnConfig = getVpnConfig(userId);
- if (vpnConfig != null) {
- if (vpnConfig.legacy) {
- prepareVpn(VpnConfig.LEGACY_VPN, VpnConfig.LEGACY_VPN, userId);
- } else {
- // Prevent this app (packagename = vpnConfig.user) from initiating VPN connections
- // in the future without user intervention.
- setVpnPackageAuthorization(vpnConfig.user, userId, false);
+ if (!mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN)) {
+ // Turn VPN off
+ VpnConfig vpnConfig = getVpnConfig(userId);
+ if (vpnConfig != null) {
+ if (vpnConfig.legacy) {
+ prepareVpn(VpnConfig.LEGACY_VPN, VpnConfig.LEGACY_VPN, userId);
+ } else {
+ // Prevent this app (packagename = vpnConfig.user) from initiating VPN connections
+ // in the future without user intervention.
+ setVpnPackageAuthorization(vpnConfig.user, userId, false);
- prepareVpn(vpnConfig.user, VpnConfig.LEGACY_VPN, userId);
+ prepareVpn(vpnConfig.user, VpnConfig.LEGACY_VPN, userId);
+ }
}
}
}
private final INetworkManagementService mNetworkManager;
private UsageStatsManagerInternal mUsageStats;
private final TrustedTime mTime;
+ private final UserManager mUserManager;
private IConnectivityManager mConnManager;
private INotificationManager mNotifManager;
mDeviceIdleController = IDeviceIdleController.Stub.asInterface(ServiceManager.getService(
DeviceIdleController.SERVICE_NAME));
mTime = checkNotNull(time, "missing TrustedTime");
+ mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
HandlerThread thread = new HandlerThread(TAG);
thread.start();
*/
void updateRulesForGlobalChangeLocked(boolean restrictedNetworksChanged) {
final PackageManager pm = mContext.getPackageManager();
- final UserManager um = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
// If we are in restrict power mode, we allow all important apps
// to have data access. Otherwise, we restrict data access to only
: ActivityManager.PROCESS_STATE_TOP;
// update rules for all installed applications
- final List<UserInfo> users = um.getUsers();
+ final List<UserInfo> users = mUserManager.getUsers();
final List<ApplicationInfo> apps = pm.getInstalledApplications(
PackageManager.GET_UNINSTALLED_PACKAGES | PackageManager.GET_DISABLED_COMPONENTS);
public void factoryReset(String subscriber) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
+ if (mUserManager.hasUserRestriction(UserManager.DISALLOW_NETWORK_RESET)) {
+ return;
+ }
+
// Turn mobile data limit off
NetworkPolicy[] policies = getNetworkPolicies(mContext.getOpPackageName());
NetworkTemplate template = NetworkTemplate.buildTemplateMobileAll(subscriber);
// Turn restrict background data off
setRestrictBackground(false);
- // Remove app's "restrict background data" flag
- for (int uid : getUidsWithPolicy(POLICY_REJECT_METERED_BACKGROUND)) {
- setUidPolicy(uid, POLICY_NONE);
+ if (!mUserManager.hasUserRestriction(UserManager.DISALLOW_APPS_CONTROL)) {
+ // Remove app's "restrict background data" flag
+ for (int uid : getUidsWithPolicy(POLICY_REJECT_METERED_BACKGROUND)) {
+ setUidPolicy(uid, POLICY_NONE);
+ }
}
}
}
writeBoolean(serializer, restrictions, UserManager.DISALLOW_DEBUGGING_FEATURES);
writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_VPN);
writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_TETHERING);
+ writeBoolean(serializer, restrictions, UserManager.DISALLOW_NETWORK_RESET);
writeBoolean(serializer, restrictions, UserManager.DISALLOW_FACTORY_RESET);
writeBoolean(serializer, restrictions, UserManager.DISALLOW_ADD_USER);
writeBoolean(serializer, restrictions, UserManager.ENSURE_VERIFY_APPS);
readBoolean(parser, restrictions, UserManager.DISALLOW_DEBUGGING_FEATURES);
readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_VPN);
readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_TETHERING);
+ readBoolean(parser, restrictions, UserManager.DISALLOW_NETWORK_RESET);
readBoolean(parser, restrictions, UserManager.DISALLOW_FACTORY_RESET);
readBoolean(parser, restrictions, UserManager.DISALLOW_ADD_USER);
readBoolean(parser, restrictions, UserManager.ENSURE_VERIFY_APPS);
DEVICE_OWNER_USER_RESTRICTIONS = new HashSet();
DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_USB_FILE_TRANSFER);
DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_CONFIG_TETHERING);
+ DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_NETWORK_RESET);
DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_FACTORY_RESET);
DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_ADD_USER);
DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_CONFIG_CELL_BROADCASTS);